Migrate local group memberships between directories

Still need help?

The Atlassian Community is here for you.

Ask the community

Please review Migrating Users between User Directories first before going through this KB article.

This process requires the use of a third party plugin as well as a script that runs externally of a JIRA application. As such, this process is not officially supported by Atlassian and the information on this page is provided as-is.

When to use this KB

This KB will help you migrate your group memberships between any combination of the following directory types:

Step 1: Create a CSV of user-group relationships

First, you will need to create a CSV by exporting the username and group pairing of all users in your directory. You will need the directory ID for the source users and groups. To find out your directory ID, run the following query:

 SELECT id, directory_name, description, directory_type
   FROM cwd_directory;

MySQL and Postgres queries are provided below that will create the proper output for the CSV file (It has to be a CSV file).

MySQL

SELECT cu.lower_user_name, cg.lower_group_name 
  FROM cwd_user cu 
      JOIN cwd_membership cm ON cu.id=cm.child_id 
      JOIN cwd_group cg ON cm.parent_id=cg.id 
   WHERE cu.directory_id=<souce_directory_id> AND cg.directory_id=<souce_directory_id>
      INTO OUTFILE '/tmp/outfile.csv'
         FIELDS TERMINATED BY ','
         ENCLOSED BY ''
         LINES TERMINATED BY '\n';

PostgreSQL

COPY (
   SELECT cu.lower_user_name, cg.lower_group_name
      FROM cwd_user cu
      JOIN cwd_membership cm
         ON cu.id=cm.child_id
      JOIN cwd_group cg
    	 ON cm.parent_id=cg.id
      WHERE cu.directory_id=<souce_directory_id> AND cg.directory_id=<souce_directory_id>
)
	 TO '/tmp/user-groups.csv'
	 WITH CSV;

If you are migrating from and either of the LDAP-backed directories with local and external groups, and you do not want your LDAP groups added to your internal directory, add cg.local='T' to your WHERE clause. This is not necessary if your source directory is a standard internal directory.

The target group is case sensitive, but not the username. If you happen to have problem with the groups, you might want to change cg.lower_group_name to cg.group_name

 

The output of these queries should create a csv with content similar to the following:

admin,jira-administrators
admin,jira-developers
admin,jira-users

Step 2: Create your new directory and add users

The most common directories to migrate local memberships to are LDAP Directories with Local Groups or an Internal Directory with LDAP Authentication, but you can also use this method for a newly created Internal Directory.  Once you have created your desired directory, you will need to meet the following prerequisites:

  • The new directory must be moved to the top of the directory list in JIRA Administration >> User Directories.
  • All of the usernames that need their group memberships migrated need to already exist in the new directory.  In an LDAP directory that supports syncing, this will happen automatically once you create the directory.  For an internal directory, you will need to populate the directory manually.  This can be accomplished via the CLI with the addUserWithFile action.  Each line in your CSV will need to be in the format: user,password,email,fullName

    tip/resting Created with Sketch.

    You can alter the SQL statements above so that the select portion of the query pulls the necessary columns to create an addUser CSV. For example, SELECT lower_user_name, 'password', email_address, display_name FROM cwd_user JOIN..., replacing password with any random string for a temporary password. Your users can then use the password reset option before logging into JIRA after the migration.

Step 3: Install the Atlassian CLI Tool

  1. Download and install the Atlassian CLI plugin (via Cog > Add-ons > Manage add-ons > Upload add-on) 

  2. Generate a new evaluation license through https://my.atlassian.com (MAC) and attach the license to make it work. (info) Details on usage can be found on the JIRA CLI wiki page.  

  3. Download the CLI client from the page.

Step 4: Use the CLI to add users to their groups

These instructions were written for JIRA CLI version 5 and may need to be adapted to later versions.

The CLI tool has a built in action that will automatically add users to groups using a CSV.  Run the following command from the CLI directory root directory:

./jira.sh --server <BASE_URL> --user "<username>" --password "<password>"  --action addUserToGroupWithFile --file "/path/to/test.csv" --autoGroup

For Windows users, replace ./jira.sh with jira.bat.  Once the script has completed, you can move the new directory to any ordering you prefer.  If you are unsure of how ordering your directories affects authentication and permissions, there is more information available in our doc on Managing Multiple Directories.

 

(info) After migration, the users will need to login against the new directory before the user can receive any notifications, or be added as Participants or Watchers.

 

Last modified on Sep 26, 2017

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.